Hello all, I have successfully compiled/linked w/ fipsld and FIPS_mode_set(1) returns true. I'm trying to understand what the FIPS_signature variable represents. Can it be used to verify/match against the FIPS library somehow? Is it supposed to match the sha/mac from the fips build? Or should this value simply be unique per release - especially in a static build. (So, if I were to dynamically link, this would stay the same, and in theory, if someone tried to preload a different library, then the fingerprints would likely mismatch and result in a failure to enable). If I dump out the value to truly convince myself that FIPS is enabled, I see: FIPS version part of OpenSSL 1.0.2h-fips 3 May 2016. Signature: dd:4a:38:e6:5d:db:d3:80:c2:aa:8d:20:c2:01:31:26:83:44:fd:1e: If I run OPENSSL_FIPS=1 openssl md5 - then I also get denied b/c FIPS mode is enabled. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160603/335454a6/attachment.html>
